Welcome, Guest. Please login or register.

Author Topic: Skype - Banner Ads Pose Massive Security Risk - Self Article -  (Read 7154 times)

0 Members and 2 Guests are viewing this topic.

Offline Inject OH 4

This whole event happened about 3-4 days ago:

While using Skype and playing minecraft with a friend I encountered an issue. A pop up came on my PC whilst I was in game. Scared and afraid I had contracted a virus on my computer, I immediately shut down and did several boot scans. After finding no results I got confused.

Then I ran Skype within a virtual machine within Ubuntu. Noticing the similar ad that had popped up on my machine within there program. I clicked it and it went to the same place.

I replicated the result restarting a fresh Virtual Machine. I opened Skype to the Home page with the ad and closed out of the Skype window. Then my default browser opened up the ad displayed within demanding I complete a survey.

This is a Severe security issue. And for a company like Microsoft to have this in there (now owned) products is absolutely unacceptable.
I have confirmed without a doubt that Skype has banner Hijacked me with a rouge ad displayed within the application.

If you are concerned the issue arises from an add from SafeCount


Ads from safe count similar to this will Hijack your browser into opening up and displaying there survey without even clicking the ad. This can happen by closing out the current Skype window or by ads changing behind the scenes randomly while a Skype call runs in the background. Although you personally may never see this ad due to not being the target audience or for what ever other reason the point still stands. The security issue is that simplistic scripts running within applications for showing ads are just not secure. This brings way for easy Malware drive bys and other security issues that highly dangerous or that invade your privacy. Once the pop up comes up it will add a nice tracking cookie to your PC. Upon which it will stop popping up unless you remove the cookie then it appears to do the exploit again if you have Skype open and it runs past this ad. The ad it self appears to show 1/50 times. So it's not always common to see it.

With Skype now being bundled with Windows 8 (Skype which is now owned by Microsoft) this means the ~$300 OS you've paid for... is supported by software with ads. How is this appropriate? For Microsoft to let something as big as this slide is absurd to say the least.

But hey, That's just what I think. Being a person who likes not getting my PC infected. What does this make you think of Skype?
Quote from:  Winston
We shall defend our island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender.
Quote from:  Zombie
Valuve Admin Steve: If not we at valve can act as a "guardian gateway".
Valuve Admin Steve: I will be your daddy.
Looking for graphic artist, Photoshopers, and other graphic related people. Hit me a PM if you can help!

Offline Blackllama

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #1 on: June 07, 2013, 10:23:39 PM »
I think skype is already very sketchy. I do not know if this is still possible, but I believe it is. Skype is very commonly used by hackers to pick up your IP address. You should never skype with someone if you are not sure who they are. It is true you can get people's IP in a shitload of ways, but if you have reason to think someone might be targeting you, don't skype them.

Teamspeak, mumble, and ventrilo are all better alternatives.

On the note of win8 ads:
I think that is also very silly. If microsoft keeps taking things in that direction, I think linux will continue to grow, ever so slowly replacing windows. If it ever happens though, it'll be a while. Valve is already a step in the right direction, a fair amount of games are on the steam linux client, and now that the client is available it will only encourage developers to make more cross platform games.

Conjoint Gaming [Game On]

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #1 on: June 07, 2013, 10:23:39 PM »

Offline Inject OH 4

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #2 on: June 07, 2013, 10:37:42 PM »
I think skype is already very sketchy. I do not know if this is still possible, but I believe it is. Skype is very commonly used by hackers to pick up your IP address. You should never skype with someone if you are not sure who they are. It is true you can get people's IP in a shitload of ways, but if you have reason to think someone might be targeting you, don't skype them.

Teamspeak, mumble, and ventrilo are all better alternatives.

On the note of win8 ads:
I think that is also very silly. If microsoft keeps taking things in that direction, I think linux will continue to grow, ever so slowly replacing windows. If it ever happens though, it'll be a while. Valve is already a step in the right direction, a fair amount of games are on the steam linux client, and now that the client is available it will only encourage developers to make more cross platform games.
Skype uses P2P client conversation, so yes if someone calls you up on skype they can get your IP.

Some say ads are to support the servers... why? All calls are hosted on P2P. Not on Skype servers.

As much as I like vent, teamspeak, etc. I don't consider them to be the exact same thing. It's not quite what I'm looking for.

Alternatives include, Razer Comms, and Steam Group chat. That's about it. :/
Sad part is I'm forced to use skype. MSN is gone and everyone is on skype. When will people stop taking the beating and just but there hand up and say enough is enough? This needs to stop!
Quote from:  Winston
We shall defend our island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender.
Quote from:  Zombie
Valuve Admin Steve: If not we at valve can act as a "guardian gateway".
Valuve Admin Steve: I will be your daddy.
Looking for graphic artist, Photoshopers, and other graphic related people. Hit me a PM if you can help!

Offline Cortez (Mr. T. FOO!)

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #3 on: June 07, 2013, 11:29:08 PM »
I think skype is already very sketchy. I do not know if this is still possible, but I believe it is. Skype is very commonly used by hackers to pick up your IP address. You should never skype with someone if you are not sure who they are. It is true you can get people's IP in a shitload of ways, but if you have reason to think someone might be targeting you, don't skype them.

Teamspeak, mumble, and ventrilo are all better alternatives.

On the note of win8 ads:
I think that is also very silly. If microsoft keeps taking things in that direction, I think linux will continue to grow, ever so slowly replacing windows. If it ever happens though, it'll be a while. Valve is already a step in the right direction, a fair amount of games are on the steam linux client, and now that the client is available it will only encourage developers to make more cross platform games.
Skype uses P2P client conversation, so yes if someone calls you up on skype they can get your IP.

Some say ads are to support the servers... why? All calls are hosted on P2P. Not on Skype servers.

As much as I like vent, teamspeak, etc. I don't consider them to be the exact same thing. It's not quite what I'm looking for.

Alternatives include, Razer Comms, and Steam Group chat. That's about it. :/
Sad part is I'm forced to use skype. MSN is gone and everyone is on skype. When will people stop taking the beating and just but there hand up and say enough is enough? This needs to stop!

I agree. I don't really use skype much as it is but this is pretty bad. For me the steam voice chat does the job pretty well but it doesn't offer the same things that skype does, ie face to face. Not to mention the fact that there are people you might want to talk to that aren't gamers. On a side note, I hate to burst your bubble Blackllama but linux is simply too intimidating for your average idiot. It would take a lot for it to overcome the great software giant.
Does this look like a ball field to you sucka? This is a sandbox. For making sandcastles.

Quote
Post Count
A Novel by Inject OH 4
Conjoint Gaming
"You thought a Human Centipede was bad, wait till you get a load of us."
Bears, beer and bitches. That's everyone's motto.
Quote from: some guy on PC gamer
First of all, books were all but dead until tablets rejuvenated the industry
Quote from: Blazyd
Cortez I'm actually on black tar heroin fyi
Only been in it once didn't really pay attention to the staff, I think their was an eatable thong... but that may have been a totally different store, ANYWAYS... lol.
The plunger could simply be out of view, the pants + it's location behind the toilet may hide it... Or it's a fraud and we need to take down the system with out golden axes while destroying the rest of the demon-spawn so that we may live in a utopia.

Offline Blackllama

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #4 on: June 07, 2013, 11:30:12 PM »
I think skype is already very sketchy. I do not know if this is still possible, but I believe it is. Skype is very commonly used by hackers to pick up your IP address. You should never skype with someone if you are not sure who they are. It is true you can get people's IP in a shitload of ways, but if you have reason to think someone might be targeting you, don't skype them.

Teamspeak, mumble, and ventrilo are all better alternatives.

On the note of win8 ads:
I think that is also very silly. If microsoft keeps taking things in that direction, I think linux will continue to grow, ever so slowly replacing windows. If it ever happens though, it'll be a while. Valve is already a step in the right direction, a fair amount of games are on the steam linux client, and now that the client is available it will only encourage developers to make more cross platform games.
Skype uses P2P client conversation, so yes if someone calls you up on skype they can get your IP.

Some say ads are to support the servers... why? All calls are hosted on P2P. Not on Skype servers.

As much as I like vent, teamspeak, etc. I don't consider them to be the exact same thing. It's not quite what I'm looking for.

Alternatives include, Razer Comms, and Steam Group chat. That's about it. :/
Sad part is I'm forced to use skype. MSN is gone and everyone is on skype. When will people stop taking the beating and just but there hand up and say enough is enough? This needs to stop!
Yeah it's true that the ones I listed really aren't the same and not everyone has a server to connect to. Steam chat works alright, but I wish there was a better alternative for p2p VOIP.

Offline theyankees213

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #5 on: June 07, 2013, 11:37:41 PM »
Raidcall is a good one to use


"Thats my fucking couch!!! NOOO! The humanity!!!!"  -Tyber
"Leet, only blade knows what my butt was meant for."-oobla
"It's all fun and games until one of the midgets pulls out a battleaxe" -Tyber
Why is this even a cloud? -Cortez

Yankees is easy to get mad tell him about the New York Nursing Home team

Offline TowerSheep

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #6 on: June 07, 2013, 11:38:13 PM »
I use skype for work. I have had no problems with this at all. It is a great business tool, especially when working with companies all over the world. (I like in US, I work with Ukraine, China, India, etc).

The servers that it supports store the text you send to each other. I can access a conversation I had a year ago with my buddy in China from any computer as long as I log in.

by Kwaurtz

Offline Inject OH 4

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #7 on: June 07, 2013, 11:43:59 PM »
I use skype for work. I have had no problems with this at all. It is a great business tool, especially when working with companies all over the world. (I like in US, I work with Ukraine, China, India, etc).

The servers that it supports store the text you send to each other. I can access a conversation I had a year ago with my buddy in China from any computer as long as I log in.
I can do that with xfire. As far as I'm concerned that should be a stand in all IM's.
Also remember not having had the issue doesn't mean it doesn't exist.
Ads are targeted based on skype profiles (IE: Age, Gender, Location) it's possible you will ever see the ad.

The issue isn't the ad however, it's the security risk the ad poses. Skype Premium removes ads.

Skype also lacks in some features as well.

Google Face Time/ Group Call can be an Ok alternative for business at times.
I hate to burst your bubble Blackllama but linux is simply too intimidating for your average idiot. It would take a lot for it to overcome the great software giant.
Ubuntu is actually very simple for an end user at this point. I'd suggest you give it a try. With the push Steam has made with it we could really start to see it as at least slightly a more main stream platform if not for the average user then for gamers. If and only If graphics card company’s comply and optimize there drivers for Linux and Open GL. We've already sceen things like ChromeBook, which runs linux.
Quote from:  Winston
We shall defend our island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender.
Quote from:  Zombie
Valuve Admin Steve: If not we at valve can act as a "guardian gateway".
Valuve Admin Steve: I will be your daddy.
Looking for graphic artist, Photoshopers, and other graphic related people. Hit me a PM if you can help!

Offline Cortez (Mr. T. FOO!)

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #8 on: June 08, 2013, 12:00:28 AM »
Ubuntu is actually very simple for an end user at this point. I'd suggest you give it a try. With the push Steam has made with it we could really start to see it as at least slightly a more main stream platform if not for the average user then for gamers. If and only If graphics card company’s comply and optimize there drivers for Linux and Open GL. We've already sceen things like ChromeBook, which runs linux.

Oh I know, but the majority of the market just doesn't get it. But enough offtopicness.
Does this look like a ball field to you sucka? This is a sandbox. For making sandcastles.

Quote
Post Count
A Novel by Inject OH 4
Conjoint Gaming
"You thought a Human Centipede was bad, wait till you get a load of us."
Bears, beer and bitches. That's everyone's motto.
Quote from: some guy on PC gamer
First of all, books were all but dead until tablets rejuvenated the industry
Quote from: Blazyd
Cortez I'm actually on black tar heroin fyi
Only been in it once didn't really pay attention to the staff, I think their was an eatable thong... but that may have been a totally different store, ANYWAYS... lol.
The plunger could simply be out of view, the pants + it's location behind the toilet may hide it... Or it's a fraud and we need to take down the system with out golden axes while destroying the rest of the demon-spawn so that we may live in a utopia.

Offline CashPrizes

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #9 on: June 08, 2013, 12:43:12 AM »
Teamspeak, mumble, and ventrilo are all better alternatives.

I agree.

Offline Cadaver

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #10 on: June 08, 2013, 02:49:17 AM »
I did not like the addition of the ads.  And I simply keep forgetting my blasted password.

Offline Inject OH 4

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #11 on: June 08, 2013, 09:55:56 AM »
I did not like the addition of the ads.  And I simply keep forgetting my blasted password.
Ya ads within applications are a huge security flaw. In app based browsers don't have the advance protocols that you actual browser does. Making exploits very easy.
Quote from:  Winston
We shall defend our island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender.
Quote from:  Zombie
Valuve Admin Steve: If not we at valve can act as a "guardian gateway".
Valuve Admin Steve: I will be your daddy.
Looking for graphic artist, Photoshopers, and other graphic related people. Hit me a PM if you can help!

Offline TowerSheep

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #12 on: June 08, 2013, 01:42:02 PM »
I use skype for work. I have had no problems with this at all. It is a great business tool, especially when working with companies all over the world. (I like in US, I work with Ukraine, China, India, etc).

The servers that it supports store the text you send to each other. I can access a conversation I had a year ago with my buddy in China from any computer as long as I log in.
I can do that with xfire. As far as I'm concerned that should be a stand in all IM's.
Also remember not having had the issue doesn't mean it doesn't exist.
Ads are targeted based on skype profiles (IE: Age, Gender, Location) it's possible you will ever see the ad.

The issue isn't the ad however, it's the security risk the ad poses. Skype Premium removes ads.

Skype also lacks in some features as well.

Google Face Time/ Group Call can be an Ok alternative for business at times.
I agree that is is a problem, just saying I haven't known any one else that runs into it. I don't have Skype premium though.

Google Face Time / Group Call would be terrible, we've tried it several times with our sister company over in India. A lot of what we do is through chat rooms, I'm sure there are better things out there but it's the same thing as why IE is the most used browser: It is mainstream and easy. Everyone knows about Skype and it is not designed for gaming (gaming orientated things are frowned upon in business). I really wish we could swap the method of communication but there are too many people already using skype :(

by Kwaurtz

Conjoint Gaming [Game On]

Re: Skype - Banner Ads Pose Massive Security Risk - Self Article -
« Reply #12 on: June 08, 2013, 01:42:02 PM »

 


* ShoutBox!

Refresh History
  • Careful what you post. Forum rules still apply in the shoutbox!
  • Pyro: happy birthday Tyber
    July 14, 2024, 01:55:16 PM
  • Finniespin: More of a Patrick Hernandez guy - Born to be Alive
    June 16, 2024, 09:14:27 AM
  • Sly: Aaron Hernandez was a legend of a man
    June 14, 2024, 01:46:02 AM
  • Finniespin: how? what?
    June 01, 2024, 06:28:43 PM
  • Inject OH 4: Lost my discord rip
    May 30, 2024, 12:14:57 AM
  • Finniespin: yoooooooo!
    April 03, 2024, 05:32:48 PM
  • Coreybush11: bump
    April 01, 2024, 10:59:48 PM
  • Finniespin: wut
    March 28, 2024, 05:01:26 PM
  • Inject OH 4: And yes thank you very much Finnie! You are a champion xP
    March 22, 2024, 05:59:12 PM
  • Inject OH 4: Hey abrys agreed we should.
    March 22, 2024, 05:59:02 PM
  • Finniespin: Totally not a spam-bot, also totally not a limited time offer
    March 03, 2024, 05:25:06 PM
  • Finniespin: Anyone looking for a datacenter technician job? We got postings available around US and Europe (EMEA)
    February 17, 2024, 07:23:12 AM
  • Finniespin: https://www.google.com/about/careers/applications/jobs/results/118336179041903302-data-center-technician-global-server-operations
    February 17, 2024, 07:20:25 AM
  • Finniespin: Gave Inject 50 euros to pay for fees ^^
    February 17, 2024, 07:17:42 AM
  • xXArbysOvenMittXx: we gotta get the crew together again one day and hang, add me on discord: ogarbies
    February 12, 2024, 06:52:07 PM
  • xXArbysOvenMittXx: yo who is still paying for this lol
    February 12, 2024, 06:19:47 PM
  • Klondor: wow CG still lives, mind blown
    February 09, 2024, 05:13:53 AM
  • Finniespin: The website is back online!!!
    February 06, 2024, 03:17:05 PM
  • Inject OH 4: xD
    January 14, 2024, 05:55:44 PM
  • Finniespin: Get a load of this guy
    December 16, 2023, 09:16:03 AM
  • Inject OH 4: Sure
    December 09, 2023, 07:22:27 PM
  • HailToTheKing: cum shot . and cum shot. an d cum shot
    December 01, 2023, 01:54:12 PM
  • Finniespin: ffuck
    November 24, 2023, 03:43:47 PM
  • Inject OH 4: ee
    October 12, 2023, 01:13:56 AM
  • Sly: dd
    August 09, 2023, 03:13:48 AM
  • Inject OH 4: cc
    August 03, 2023, 09:51:36 PM
  • Finniespin: bb
    August 02, 2023, 06:12:50 PM
  • Inject OH 4: aa
    July 04, 2023, 10:29:35 PM
  • Shikaru: Been a very long time
    February 20, 2023, 05:42:04 PM
  • Shikaru: Oh wow my account is STILL active :)
    February 20, 2023, 05:42:00 PM
  • Napoleon BonaPARTY: yooo we got a lovense sponsor???
    December 16, 2022, 03:45:43 PM
  • Napoleon BonaPARTY: holy shit
    December 16, 2022, 03:45:24 PM
  • Napoleon BonaPARTY: oh wow its still here
    December 16, 2022, 03:45:21 PM
  • HailToTheKing: legends never die
    October 16, 2022, 01:28:09 PM
  • Live Bait: Oh wow. Still remember my old password.
    September 23, 2022, 08:37:38 AM
  • Mr_Rainbow: Still alive. Hope all is well with everyone this Christmas
    December 09, 2021, 03:31:04 AM
  • SlyWilliam: Much love, from our MC server to our ZPS server <3
    December 07, 2021, 10:23:37 PM
  • SlyWilliam: For the record, I don't REALLY remember all of you, but goddamn do I MISS all of you <3
    December 07, 2021, 10:23:10 PM
  • Pyro: parrot
    September 07, 2021, 05:23:18 AM
  • Inject OH 4: Do you mean for people that haven't come on in a long time and have to reagree?
    August 02, 2021, 11:39:42 PM

SimplePortal 2.3.5 © 2008-2012, SimplePortal